DETAILED ACTION



Claims 1-34 are presented for examination. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 
U.S.C. 112: 

The specification shall conclude with one or more claims particularly 
pointing out and distinctly claiming the subject matter which the applicant 
regards as his invention. 

Claims 7 and 13 recite the limitation "the unselected" in 2.
There is insufficient antecedent basis for this limitation in
the claim.

Claim 13 recites the limitation "the selected services" in 6. 
There is insufficient antecedent basis for this limitation in 
the claim. 

Claim 13 recites the limitation "the unselected services" in 7. 
There is insufficient antecedent basis for this limitation in 
the claim. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs 
of 35 U.S.C. 102 that form the basis for the rejections under 
this section made in this Office action: 

A person shall be entitled to a patent unless - 
(e) the invention was described in (1) an application for patent, published
under section 122(b), by another filed in the United States before the 
invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the 
invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the 
effects for purposes of this subsection of an application filed in the 
United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English 
language.

Claims 1-6, 8-31 and 33-34 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Scheer et al Publication Number 
20030131078 hereinafter "Scheer". 

As per claim 1, Scheer teaches a method comprising: 

identifying at least one role associated with a target
server (network component is identified as firewall server, web
server and an email server ¶ 0015-0018);

identifying one or more services associated with the role
(A firewall server typically contains, anti-virus and security
software to protect the inner network components from a hacker
or virus threat external to the local network ¶ 0018 and ¶ 0035);

identifying one or more ports associated with the role (¶ 0023-
0024);

presenting the identified services and ports associated
with the role to a user (¶ 0012 and 0023); and

requesting the user to select among the identified ports for
activation in the target server (¶ 0012-15 and ¶ 0022-0023).

As per claim 2, Scheer teaches the method as recited in claim 1
wherein the identified services and ports are limited to those 
that are relevant based on information obtained from a knowledge 
base (database 236, fig. 2 stores information such as various 
typical network topologies 226, typical network configuration 
settings, generic digital images for servers, design rules, and 
pointers to the records tracker 234, as well as other 
information (¶ 0032 and ¶ 0022)).

As per claim 3, Scheer teaches the method as recited in claim 1 
wherein the identified services and ports are limited to those 
that are relevant based on information regarding a target server 
(¶ 0022-0023).

As per claim 4, Scheer teaches the method as recited in claim 1 
further comprising activating the selected services and ports 
(Next, the master configurer 102 may consult a design rule logic 
block 220 to determine that the firewall server should be 
layered as the first device to receive incoming data packets
(¶ 0018 and ¶ 0022-0023)).

As per claim 5, Scheer teaches the method as recited in claim 4 
wherein services associated with the role are identified from a 
knowledge base (Next, the master configurer 102 may consult a
design rule logic block 220 to determine that the firewall
server should be layered as the first device to receive incoming
data packets (¶ 0018 and ¶ 0022-0023)).

As per claim 6, Scheer teaches the method as recited in claim 4 
wherein ports associated with the role are identified from a 
knowledge base (¶ 0018 and ¶ 0022-0023).



As per claim 8, Scheer teaches the method as recited in claim 1 
further comprising generating an output file containing services 
and ports selected by the user (¶ 0026-0027).

As per claim 9, Scheer teaches the method as recited in claim 1 
further comprising displaying details regarding the role in 
response to a request by the user (¶ 0022-0027).

As per claim 10, Scheer teaches the method as recited in claim 1 
further comprising displaying a list of options for handling a 
service associated with the target server that is not defined in 
a knowledge base (¶ 0022-0027 and 0032).

As per claim 11, Scheer teaches the method as recited in claim
10 further comprising requesting the user to select an option
for handling the service (¶ 0020-0023).

As per claim 12, Scheer teaches one or more computer-readable
memories containing a computer program that is executable by a
processor to perform the method recited in claim 1 (see fig. 2).

As per claims 13 and 18-19, Scheer teaches the method comprising:
identifying one or more roles associated with a target server;
identifying one or more services associated with the roles;
displaying the identified services associated with the roles (A
wizard program may guide a user through a graphic user interface
228 ¶ 0022-0026); allowing a user to modify the displayed
services (¶ 0022-0026); and identifying the selected services as
active services and identifying the unselected services as
inactive services ("For example, the rule base may include a set
of rules that govern what is and what is not allowed through the
firewall. Firewall servers must be assigned to a certain IP
address. E-mail servers and web servers must be assigned to
certain sockets and ports." ¶ 0022-0026) selecting port 25
implies selecting SMTP service.

As per claim 14, Scheer teaches the method as recited in claim
13 wherein identifying services associated with the role
includes retrieving data from a knowledge base (¶ 0018 and ¶
0022-0023).

As per claim 15, Scheer teaches the method as recited in claim 
13 further comprising generating an output file containing 
services modified by the user (¶ 0026-0027).

As per claim 16, Scheer teaches the method as recited in claim 
13 wherein the user is responsible for configuring the target 
server (¶ 0022-0027).

As per claim 17, Scheer teaches the method as recited in claim 13
further comprising generating an output file identifying active
ports and inactive ports (¶ 0022-0027).

As per claim 20, Scheer teaches the method as recited in claim 19
further comprising generating an output file identifying ports
selected by the user (¶ 0026-0027).

As per claim 21, Scheer teaches the method as recited in claim 19
wherein the one or more ports are identified using information
contained in a knowledge base (¶ 0022-0027 and 0032).

As per claim 22, Scheer teaches the method as recited in claim 19
wherein the user is responsible for configuring the target
server (¶ 0022-0027).

As per claim 23, Scheer teaches the method as recited in claim 22
further comprising: displaying one or more ports associated with 
the role; and requesting the user to select among the one or 
more ports to activate in the target server. 

As per claim 24, Scheer teaches one or more computer-readable 
memories containing a computer program that is executable by a 
processor to perform the method recited in claim 19. 

As per claims 25 and 30, Scheer teaches an apparatus comprising: 

a pre-processor to receive information regarding 
server roles from a knowledge base and to receive 
characteristics of a target server (¶ 0018-0022 and ¶ 0032),
wherein the pre-processor generates a file containing server 
role information relevant to the target server (see server role 
112 and 114 in fig. 2 and ¶ 0027), and wherein information in
the file regarding services and ports associated with the server
roles is presented to a user for selection (¶ 0012 and 0023-
0026); and a configuration engine coupled to the pre-processor,
wherein the configuration engine configures the target server
based on the user's selection of services and ports (to
configure web server one must select port 80 and similarly to
mail server needs port 25 to be selected ¶ 0012-15 and ¶ 0022-
0023).

As per claim 26, Scheer teaches the apparatus as recited in 
claim 25 further comprising a user interface application to 
generate an output file identifying services selected by the 
user (¶ 0022-0027).

As per claim 27, Scheer teaches the apparatus as recited in 
claim 25 further comprising a user interface application to 
generate an output file identifying ports selected by the 
user (¶ 0022-0027).

As per claim 28, Scheer teaches the apparatus as recited in 
claim 26 wherein the configuration engine applies the output 
file when configuring the target server (fig. 2, deployment 
logic 230; configuration 222 and ¶ 0022-0027).

As per claim 29, Scheer teaches the apparatus as recited in
claim 27 wherein the configuration engine applies the output
file when configuring the target server (¶ 0022-0027).

As per claim 31, Scheer teaches one or more computer-readable
media as recited in claim 30 wherein the one or more processors 
further activate the selected services and ports during 
configuration of the target server (to configure web server one 
must select port 80 and similarly to mail server needs port 125 
to be selected ¶ 0012-15 and ¶ 0022-0023).

As per claim 33, Scheer teaches one or more computer-readable
media as recited in claim 30 wherein the one or more processors 
further identify the one or more services and the one or more 
ports associated with the role are identified from a knowledge 
base (¶ 0028-0029).

As per claim 34, Scheer teaches one or more computer-readable
media as recited in claim 30 wherein the one or more processors 
further display one or more options for handling a service 
associated with the target server that is not defined in a 
knowledge base (¶ 0022-0026).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

Claims 7 and 32 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Scheer et al Publication Number 20030131078
hereinafter "Scheer".

As per claims 7 and 32, although Scheer shows substantial
features of the claimed invention including configuring web
server, email server and security services, he does not
explicitly show deactivating unselected services and ports.
Nonetheless, this feature is well known in the art and it would
have been obvious to a person of ordinary skill in the art at
the time of the invention to deactivate unselected services and
ports for the advantage of reducing unnecessary services running
on the network and to avoid the vulnerabilities associated with
the unnecessary ports.

Conclusion

The prior art made of record and not relied upon is considered
pertinent to applicant's disclosure. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Yasin 
Barqadle whose telephone number is 571-272-3947. The examiner 
can normally be reached on 9:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, Glenn Burgess can be reached on 571- 
272-3949. The fax phone numbers for the organization where this 
application or proceeding is assigned are 703-872-9306 for
regular communications and 703-746-7238 for After Final
communications.

Any inquiry of a general nature or relating to the status 
of this application or proceeding should be directed to the 
receptionist whose telephone number is 703-305-3900. 

Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval
(PAIR) system. Status information for published applications may 
be obtained from either private PAIR or public PAIR system. 
Status information for unpublished applications is available 
through private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have
questions on access to the Private PAIR system, contact the
Electronic Business Center (EBC) at 866-217-9197 (toll-free).
YB 